Microgrids enable aggregation of various types of generating and non-generating sources as a unified control unit. Microgrid control networks are connected to various external networks for a variety of reasons, for example Supervisory Control and Data Acquisition (SCADA) networks for demand-response applications and enterprise networks or the Internet for remote monitoring and control.
These external connections expose the microgrid to threats from remote adversaries, especially cyber attackers. This becomes especially concerning for installations in sensitive sites like military bases, where military missions depend on critical infrastructure, like microgrids, for their success.
One of the challenges in protecting microgrids is that the control networks require very low latencies. Using cryptographic protection that adds additional latency in communications may not be acceptable, for example, in real-time control for synchronization and/or stability.
Also, a complex network at the microgrid site with interconnected control and SCADA networks may make the process of acquiring security certifications like the DIACAP (Defense Information Assurance Certification & Accreditation Process) much harder. To address these issues, the present disclosure presents a cyber-security architecture that can provide a secure network of assured power enclaves (also called SNAPE) that is based on a unique cyber-security strategy that, in some embodiments, segregates communication networks needed for fast, real-time control for synchronization and stability from those used for external control signals and monitoring. This segregation can thereby reduce the “attack surface” for the microgrid control network drastically.
This segregation isolates the control networks such that they can, for example, use lightweight cryptography to, for instance, meet the low latency requirements. The new approach can reduce or minimize the cyber certification burden, for example, by reducing the certification scope to only a subset of the entire network.